package com.ely.coupon.auth.config;

import com.ely.coupon.auth.handler.*;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

import javax.annotation.Resource;

/**
 *
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
    @Resource
    private UserAuthSuccessHandler userAuthSuccessHandler;
    @Resource
    private UserAuthFailHandler userAuthFailHandler;
    @Resource
    private UserLogoutSuccessHandler logoutSuccessHandler;
    @Resource
    private UserAccessDeniedHandler userAccessDeniedHandler;
    @Resource
    UserUnAuthPointHandler userUnAuthPointHandler;
    @Resource
    private AuthenticationManager authenticationManager;
    @Resource
    private WebSecurityConfigProperties webSecurityConfigProperties;


    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

        return http.authorizeRequests(auth -> {
                    // 过滤白名单
                    auth.antMatchers(webSecurityConfigProperties.getList().toArray(new String[0])).permitAll().anyRequest().authenticated();
                })
                // 登录相关配置
                .formLogin().permitAll()
                //
                .successHandler(userAuthSuccessHandler).failureHandler(userAuthFailHandler)
                // 登出配置
                .and().logout().logoutSuccessHandler(logoutSuccessHandler)
                //  未授权
                .and().exceptionHandling().accessDeniedHandler(userAccessDeniedHandler)
                //
                .and()
                //
                .httpBasic().authenticationEntryPoint(userUnAuthPointHandler)
                //
                .and().csrf().disable().cors().disable()
                //
                .authenticationManager(authenticationManager).build();
    }

//    @Bean
//    public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
//        return http.getSharedObject(AuthenticationManagerBuilder.class)
//                //
//                .inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance()).withUser("admin").password("1213456").roles("ROLE_ADMIN")
//                //
//                .and().and().build();
//    }

    @Bean
    public AuthenticationManager authenticationManager(HttpSecurity http, UserDetailsService userDetailsService, PasswordEncoder passwordEncoder) throws Exception {
        return http.getSharedObject(AuthenticationManagerBuilder.class)
                //
                .userDetailsService(userDetailsService).passwordEncoder(passwordEncoder)
                //
                .and().build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
